This shows you the differences between two versions of the page.
wiki:security:start [2011/09/09 07:24]
wiki:security:start [2014/01/08 10:20] (current)
sunweaver [SQLite]
Line 1: Line 1:
 +====== Thoughts on Security ======
 +===== Session Database Backends =====
 +==== PostgreSQL ====
-====== Database Access ====== 
-===== Postgres ===== 
-<note>No known exploits</note> 
-Security on database Level 
-===== SQLite ===== +  * In X2Go Server versions prior to (or for the Baikal LTS release branch), there used to be [[|root exploit]] that got reported and fixed around X-mas 2013.
-<note>No known exploits</note> +
-  - Change to x2go-user using suid-perlThis is needed as there is common database. +
-  Prepared statements should make things safe.+
-====== x2goprint ======+==== SQLite ==== 
 +  * In X2Go Server versions prior to (or for the Baikal LTS release branch), there used to be a [[|root exploit]] that got reported and fixed around X-mas 2013. 
 +====== X2Go client-side Printing ======
 <note important>Might be exploited if someone becomes x2goprint-user</note> <note important>Might be exploited if someone becomes x2goprint-user</note>
-  - X2goServer == CUPS Server+  - X2goServer == CUPS Serverlatest implementation (as of 20110909)
-    - latest implementation: +
       - cups-x2go CUPS backend runs as root       - cups-x2go CUPS backend runs as root
       - as root the backend launches x2goprint (without sudo!!!)       - as root the backend launches x2goprint (without sudo!!!)
       - x2goprint script changes owner ship of PDF file and pushes it into SSHFS share towards the X2go client.       - x2goprint script changes owner ship of PDF file and pushes it into SSHFS share towards the X2go client.
 +        * using X2go printing locally (X2go server == CUPS server) then security (sudo) is not an issue any more(?) 
 +          * Nope still is (not a big one, though): Using CUPS the user can easily be faked, allowing to fill someone else's quota or print at their home printer.
   - X2goServer != CUPS Server:   - X2goServer != CUPS Server:
     - The Cups-server connects the x2go-Server as x2goprint-user using ssh-key auth.     - The Cups-server connects the x2go-Server as x2goprint-user using ssh-key auth.
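Review bot: the `[[|root exploit]]` link added to both the PostgreSQL and SQLite bullets has an empty link target, so the "reported and fixed around X-mas 2013" issue cannot be followed up; the new text also reads "versions prior to (or for the Baikal LTS release branch)" with no version number before the parenthesis, so a reader cannot tell which releases are affected. Suggest filling in the affected version and the bug-tracker or commit reference, or using an explicit placeholder if it is not yet known. The removed lines ("Change to x2go-user using suid-perl", "Prepared statements should make things safe") were the only description of how database access is protected; consider keeping a short statement of the current mitigation under SQLite rather than leaving only the historical exploit note. In the printing section, the new line "Nope still is ... the user can easily be faked" names a residual risk (quota abuse, printing to someone else's printer) but no mitigation; a sentence on how the CUPS user is validated, or an explicit open-issue marker, would make the status clear.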
Line 46: Line 49:
   * Currently Pulse-Audio authentication using a cookie-file is used.   * Currently Pulse-Audio authentication using a cookie-file is used.
   * No option of encryption, but can be tunneled via SSH.   * No option of encryption, but can be tunneled via SSH.
-  * When using the TCE the client has only one user. Therefore the following user may get sounds from the previous, suspended user.+  * When using the TCE the client has only one user. Therefore the following user may get sounds from the previous, suspended user, if not tunneling pulseaudio.
 ===== Solution for privacy ===== ===== Solution for privacy =====
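Review bot: the added qualifier "if not tunneling pulseaudio" on the TCE line makes the sound-leak between successive TCE users conditional on a setup step, but the surrounding bullets only say encryption "can be tunneled via SSH"; suggest stating whether the TCE enables the SSH tunnel for PulseAudio by default and, if not, where it is configured, since the cookie-file authentication mentioned above does not by itself prevent the previous suspended user's audio from reaching the next one.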
Line 55: Line 58:
   * This also solves issues if the client get disconnected unexpectedly.   * This also solves issues if the client get disconnected unexpectedly.
-====== x2goagent ====== +Morty: I looked into this recently (End of 2011). Unfortunately, due to the buffering done on the serverthis might start to "swing" (playback getting faster and slower again and again). 
-<note>Needs review</note> +
-  * Is it possible to hijack an x2go-session? If yeshow? What can we do about it? +
 +====== X2Go Agent ======
 +  * [[;a=commitdiff;h=147d22c44167b9b2d4afbdaf17262555a7af713b|This issue has been fixed]]: x2goagent/nxagent opens a port 6050+ and binds to all network interfaces. This should be tweaked so that x2goagent/nxagent binds to localhost only. Refer to:
 +  * Now, only for XDMCP session the listening port 6050+ is opened (otherwise XDMCP queries do fail)
 +  * If people need x2goagent listening on TCP, it can also be re-enabled in ''/etc/x2go/x2goagent.options''.
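Review bot: the commitdiff link `[[;a=commitdiff;h=147d22c44167b9b2d4afbdaf17262555a7af713b|This issue has been fixed]]` is missing the host and repository part of the URL (it starts at `;a=`), and the sentence ends with "Refer to:" followed by nothing, so the fix cannot be traced from this page; suggest completing the URL and the reference. The removed "Needs review" note and the open question "Is it possible to hijack an x2go-session? If yes, how? What can we do about it?" disappear without an answer; if the question is still open it should stay, and if the localhost-only binding resolves it that should be said explicitly. For the remaining XDMCP case, the text states port 6050+ is still opened, and that listening on TCP can be re-enabled in `/etc/x2go/x2goagent.options`; it would help to note that both leave the agent reachable from the network and should be paired with host firewalling, so an administrator does not read the "fixed" line as covering those configurations.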
wiki/security/start.1315553070.txt.gz · Last modified: 2013/03/08 13:31 (external edit)